From f993f207233e03ae9a6ea39c6cc2f83f7cb78848 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Wed, 22 May 2013 09:02:53 +0000 Subject: [PATCH] * API: fallback auth checks and - if necessary - updates passwords on fallback on successful primary authentication or password change, to ensure they are kept up to date --- phpgwapi/inc/class.auth_fallback.inc.php | 29 ++++++++++++++++++------ 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/phpgwapi/inc/class.auth_fallback.inc.php b/phpgwapi/inc/class.auth_fallback.inc.php index b0e4243884..c87e7aca53 100644 --- a/phpgwapi/inc/class.auth_fallback.inc.php +++ b/phpgwapi/inc/class.auth_fallback.inc.php @@ -12,32 +12,32 @@ /** * Authentication agains a LDAP Server with fallback to SQL - * + * * For other fallback types, simply change auth backends in constructor call */ class auth_fallback implements auth_backend { /** * Primary auth backend - * + * * @var auth_backend */ private $primary_backend; - + /** * Fallback auth backend - * + * * @var auth_backend */ private $fallback_backend; - + /** * Constructor */ function __construct($primary='auth_ldap',$fallback='auth_sql') { $this->primary_backend = new $primary; - + $this->fallback_backend = new $fallback; } @@ -53,6 +53,16 @@ class auth_fallback implements auth_backend if ($this->primary_backend->authenticate($username, $passwd, $passwd_type)) { egw_cache::setInstance(__CLASS__,'backend_used-'.$username,'primary'); + // check if fallback has correct password, if not update it + if (($account_id = $GLOBALS['egw']->accounts->name2id($username)) && + !$this->fallback_backend->authenticate($username,$passwd, $passwd_type)) + { + $backup_currentapp = $GLOBALS['egw_info']['flags']['currentapp']; + $GLOBALS['egw_info']['flags']['currentapp'] = 'admin'; // otherwise + $ret = $this->fallback_backend->change_password('', $passwd, $account_id); + $GLOBALS['egw_info']['flags']['currentapp'] = $backup_currentapp; + error_log(__METHOD__."('$username', \$passwd) updated password for #$account_id on fallback ".($ret ? 'successfull' : 'failed!')); + } return true; } if ($this->fallback_backend->authenticate($username,$passwd, $passwd_type)) @@ -88,7 +98,12 @@ class auth_fallback implements auth_backend } if (egw_cache::getInstance(__CLASS__,'backend_used-'.$username) == 'primary') { - return $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id); + if ($ret = $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id)) + { + // if password successfully changed on primary, also update fallback + $this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id); + } + return $ret; } return $this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id); }